lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: abaker at gmail.com (ASB)
Subject: Windows Update

Just because the Automatic Update service is enabled, doesn't mean
that updates will be automatically "installed".  There are various
options for configuration.

I require AU enabled because I'm using SUS, and I control when updates
are available.

The automatic nature of the service is not an implicit evil.

-ASB

On Sat, 21 Aug 2004 19:56:14 -0400, ?ber GuidoZ <uberguidoz@...il.com> wrote:
> Umm, hold on a sec here...
> 
> (snip from "James Tucker"):
> > There really should be no reason why you would want to disable the
> > Automatic Updates service anyway, unless you are rolling out updates
> > using a centralised distribution system, in which case you would not
> >need it anyway.
> 
> I believe you are missing one fundamental point: SPs and updates are
> notorious for breaking something else. (Especially from Microsoft.)
> Granted, if fixing a security weakness breaks something you're using,
> then that aspect could have been written better. However, that still
> doesn't fix it when an entire business network goes down and YOU are
> the one responsible. I do not allow ANY automatic updates (except for
> virus definitions) to run on ANY networks I am in charge of. I take
> the time (like every good sysadmin should) to look over each update
> before applying it so I know three things:
> 
> 1. What it's fixing/patching
> 2. Why it's fixing/patching it
> 3. What will be the end result of the fix/patch
> 
> If you would simply allow updates and SPs to have free reign over your
> system(s) without taking any time to look over those updates, you're
> going to be one busy and irritated sysadmin. That is, if you still
> have a job after a little bit.
> 
> ~G
> 
> P.S. Don't take my word for it. Look here:
> - http://www.infoworld.com/article/04/08/12/HNdisablesp2_1.html
> - http://www.pcworld.idg.com.au/index.php/id;1183008015;fp;2;fpid;1
> - http://www.integratedmar.com/ecl-usa/story.cfm?item=18619
> - http://www.vnunet.com/news/1157279
> - Or, find the other 200+ articles by searching Google News
>    for "disable automatic update sp2"  =)
> 
> 
> 
> On Sat, 21 Aug 2004 18:51:40 -0300, James Tucker <jftucker@...il.com> wrote:
> > Here I found that I can have BITS and Automatic Updates in "manual",
> > Windows Update works fine here. It may be a good idea to refresh the
> > MMC console page, as you will probably find that at time the service
> > had shut down if and when BITS was stopped prematurely (i.e. when it
> > was in use).
> >
> > There really should be no reason why you would want to disable the
> > Automatic Updates service anyway, unless you are rolling out updates
> > using a centralised distribution system, in which case you would not
> > need it anyway.
> >
> > If you are worried about system resources, you should look into how
> > much the service really uses; the effect is negligable, in fact there
> > is more impact if you select (scroll over) a large number of
> > application shortcuts (due to the caching system) than if you leave
> > Automatic Updates on. If you are worried about your privacy and you
> > dont believe that the data sent back and forth has not been checked
> > before, then you surely dont want to run Windows Updates ever. If you
> > want to cull some real system resources and have not already done so,
> > turn the Help and Support service to manual, that will save ~30mb on
> > boot, up until the first use of XP help; this will stop help links
> > from programs from forwarding to the correct page, until the service
> > has loaded once.
> >
> > As for worry over using bandwidth on your internet service, again, you
> > want to check this out as its a trickle service, not a flood. BITS
> > does not stand for Bloody Idiots Trashing Service; it means what it
> > says on the tin.
> >
> > On Fri, 20 Aug 2004 14:30:22 -0700, David Vincent
> >
> >
> > <support@...epdeprived.ca> wrote:
> > > joe wrote:
> > >
> > > >Yep, this is how it works now.
> > > >
> > > >You control whether Windows Update is updating or not via the security panel
> > > >in the control panel applets (wscui.cpl).
> > > >
> > > >
> > > To eb complete, I should have mentioned I have Automatic Updates turned
> > > off in the control panel.  I also had the service disabled before
> > > applying SP2 and venturing to Windows Update v5.
> > >
> > > >Of course if you aren't using automatic update you could always disable the
> > > >service and just reenable when you go to do the update, or don't use windows
> > > >update at all and just pull the downloads separately. We are talking about a
> > > >single command line to reenable that service
> > > >
> > > >
> > > Yep.
> > >
> > > >Is it a pain? Yes, for those who like to run minimal services. Is it a
> > > >security issue or life threatening, probably not.
> > > >
> > > >
> > > Agreed.
> > >
> > > -d


Powered by blists - more mailing lists